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RECEIVED 

CENTRAL FAX CENTER 
AMENDMEN TS TO THE CLAIMS: AUG 3 0 2007 

This listing of claims will replace all prior versions, and listings, of claims in the 
application. 

1. (Previously Presented) A method, comprising: 

encountering a function call instruction that calls a called function during program 

execution; 

saving a return address in a first stack and in a second stack at the same time, the return 
address containing an instruction to he executed after execution of the called function; 
executing the called function; and 

determining if the return address stored in the first stack matches the return address stored 
in the second stack to provide protection from a buffer overflow attack. 

2. (Original) The method of claim 1, further comprising generating an exception if the 
return addresses do not match. 

3. (Original) The method of claim 2, further comprising executing exception handling 
code if an exception was generated. 

4. (Previously Presented) The method of claim 3, wherein the exception handling 
code determines what value to pass to a program pointer based on the return address retrieved 
from each of the fimt and second stack. 

5. (Original) The method of claim 3, wherein the exception handling code terminates 
execution of die program. 

6. (Previously Presented) A method, comprising: 
processing instructions wiUiin a virtual machine; 
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saving a return address in a first slack and in a second stack at the same time, Ihe return 
address being an address at which program execution is to resume after execution of a called 
function; 

comparing the return addresses saved in the first and second stack upon execution of the 
called function; and 

exiting the virtual machine if the return addresses do not match to provide protection 
from a buffer overflow attack. 

7. (Original) The method of claim 6, further comprising passing control to an exception 
handler. 

8. (Original) The method of claim 7, wherein the exception handler determines if the 
return address from the first stack or the return address from the second stack is to be used as a 
value for an instruction pointer. 

9. (Previously Presented) A method, comprising: 

creating first and second stacks for a program during execution of the program; 

« 

encountering a ninction call to a called function; 

storing data for the called function and a return address in the first stack; 

storing the return address in the second stack at the same time as the first stack; and 

passing control of the program to an exception handler if the return address stored in the 
first stack does not match the rerun, address stored in the second stack upon execution of the 
called function to provide protection from a buffer overflow attack. 

* 

1 0. (Original) The method of claim 9, wherein the exception handier determines if the 
return address from the first stack, or the return address from the second stack is to be used as a 
value for an instruction pointer. 

1 1 . (Previously Presented) A processor, comprising: 
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memory management logic to allocate first and second memory locations corresponding 
to first and second stacks, respectively, when a function call instruction calls to a called function 
is encountered during program execution; 

function call logic to write a return address to a memory location from the first memory 
locations and to a memory location from the second memory locations at the same time, the 
return address being an address at wliich program flow is to resume after execution of the called 
function; and 

buffer overflow control logic to determine if the return address retrieved from the first 
memory locations matches the return address retrieved from the second memory locations, upon 
execution of the called function to provide protection from a buffer overflow attack. 

12. (Previously presented) The processor of claim 1 1 . wherein the function call logic 
and the buffer overflow control logic comprises microcode stored within the processor. 

13. (Previously Presented) A system, comprising: 
a memory; and 

a processor coupled to the memory, the processor comprising memory management logic 
to allocate first and second memory locations corresponding to first and second stacks, 
respectively, when a function call instruction that calls a called function is encountered during - 
program execution; 

function call logic to write a return address to a memory location from the firei memory 
locations and to a memory location from the second memory locations at toe same time, the 
return address being an address at which program flow is to resume after execution of the called 
function; and 

buffer overflow control logic to determine if the return address retrieved from the first 
memory locations matches the return address retrieved from the second memory locations, upon 
execution of the called function to provide protection from a buffer overflow attack. 

14. (Previously presented) The system of claim 13, wherein the memory management 
logic, the mnction call logic, and the buffer overflow control logic comprise microcode stored 
within the processor. 
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1 5 . (Previously Presented) A computer readable medium having stored thereon a 
sequence of instructions which when executed by a processor, cause the processor to perform a 

* 

method comprising: 

encountering a function call instruction that calls a called function during program 
execution; 

saving a return address in a first stack and in a second stack at the same time, the return 
address containing an instruction to be executed after execution of the called function; 
executing the called function ; and 

determining if the return address stored in the first stack matches the return address stored 
the second stack to provide protection from a buffer overflow attack. 



in 



16. (Original) The computer readable medium of claim 1 5, wherein the method further 
comprises generating an exception if the return addresses do not match. 

1 7 . (Previously Presented) A computer readable medium having stored thereon a 
sequence of instructions which when executed by a processor, cause the processor to perform a 

method comprising: 

processing instructions within a virtual machine; 

saving a return address in a first stack and in a second stack at the same time, the return 
address being an address at which program execution is to resume after execution of a called 
function; 

comparing the return addresses saved in the first and second stack upon execution of the 
called function; and 

exiting the virtual machine if the return addresses do not match to provide protection 
from a buffer overflow attack. 

1 8. (Original) The computer readable medium of claim 1 7, wherein the method further 
comprises passing control to an exception handler. 
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19. (Previously Presented) A computer readable medium having stored thereon a 
sequence of instructions which when executed by a processor, cause the processor to perform a 

method comprising: 

creating first and second stacks for a program during execution of the program; 

encountering a function call to a called function; 

storing data for the called function and a return address in the first stack; 

storing the return address in the second stack at the same time as the first stack; and 

passing control of the program to an exception handler if the return address stored in the 
first stack does not match the return address stored in the second stack upon execution of the 
called function to provide protection from a buffer overflow attack. 

* 

20. (Original) The computer readable medium of claim 19, wherein the exception 
handler determines if the return address from the first stack and the return address from the 
second stack is to be used as a value for an instruction pointer. 
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